cjohnson300

How do I tell ISA to forward all requests for a network to another default gateway?

I'm not overly familiar with ISA, but we've had it for a while now and it seems to do a job and there doesn't seem to be an immediate need to swap it out, but I just can't work out how to do this!

We have site A connected via Cisco VPN in the 192.168.202.x range. Our LAN (site B) is 192.168.1.x and the VPN terminates on 192.168.1.10. The default gateway (the ISA server) of site B is 192.168.1.254. If I want a computer on site B to talk to Site A, I add a persistent route on the computer to tell it to use 192.168.1.10 as the gateway and all is well.

I now have a scenario where an IP device on site A needs to connect to site B but doesn't have the facility to let me add another static route. Can I tell ISA to forward any requests for 192.168.202.x that it receives to 192.168.1.10? That would potentially mean I don't have to add any more routes.

Many thanks

ASKER CERTIFIED SOLUTION
pwindell
One other tactic would be to make the Cisco VPN Device the LAN's Default Gateway. Then change the Default Gateway of the Cisco VPN Device from whatever it is to point at the LAN Interface of the ISA. Then change the Default Gateway of all the LAN's Devices to point at the Cisco VPN Device.

However doing that would break the VPN Tunnel,..so you have to add a Static Route on the VPN Device so that it can find the VPN Device on the other side over the original path it was taking so that it could bring the VPN tunnel back up.

A last alternate option is that you could have created the VPN with the ISA itself (that is part of what it was built for) instead of adding any Cisco products.
cjohnson300

ASKER

pwindell - many thanks for your answer, it must be the most comprehensive answer I've ever received!

I appreciate what you're saying, it was never my intention to use our ISA box as a router, I was just trying to get something to work as a short term solution until some proper network planning could be done.

If ISA can't do it, that's fine, I'll need to find another way.


Ok,...I think you just missed the whole point. I just spent all that time telling you how you can make ISA act as the LAN Router. What I told you was not just an option or a simple suggestion that you can dismiss,...it is the way you have to do this and it should have been done this way from the beginning.

It was the last two options in my last post that I would consider simple options that you can dismiss.
There is no "other way" to "find".
Now I guess if you pulled out the ISA, and assuming the Cisco VPN Device is a regular Firewall (like an ASA), then you could run with only the Cisco box as the Firewall and everything would work. But you'd lose the ability to base internet access on who the user is rather than what machine they are sitting at.